Microsoft came very late to the party when it came to adding USB-C to their range of Surface laptops and PCs, and when it did eventually arrive, Microsoft disappointed many due to the ports not supporting Thunderbolt, which offers much faster data speeds and which is overall more versatile.
Now the reason for this somewhat strange choice has been revealed in a Microsoft presentation, which explains that it is all about security.
Thunderbolt uses DMA (Direct Memory Access), which means the port can read and write directly to your device’s RAM without the OS or processor being involved. This offers great speed, but also means a malicious device could read any part of your RAM at will, including important items such as your BitLocker key and other encryption keys, or even inject malware that allows hackers to bypass the lock screen.
It is for the same reason, according to a Microsoft presenter, that all Surface products have soldered RAM, as attackers could use liquid nitrogen to preserve the state of a RAM chip without power, move the chip to an external RAM reader, and then get full unprotected access to your RAM, including encryption keys.
WalkingCat found the video presentation [Video on Twitter]
Interestingly, with Windows 10 1803 Microsoft did introduce Kernel DMA Protection to protect PCs against drive-by Direct Memory Access (DMA) attacks using PCI hotplug devices connected to Thunderbolt 3 ports, meaning Microsoft will hopefully someday release a Surface with Thunderbolt 3.